[Git][security-tracker-team/security-tracker][master] "new" python issues

[Moritz Muehlenhoff (@jmm)]

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f3860d25 by Moritz Muehlenhoff at 2023-08-23T10:47:43+02:00
"new" python issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -128,11 +128,25 @@ CVE-2022-48566 (An issue was discovered in compare_digest in Lib/hmac.py in Pyth
 	NOTE: https://github.com/python/cpython/commit/8183e11d87388e4e44e3242c42085b87a878f781
 	NOTE: https://github.com/python/cpython/issues/84968
 CVE-2022-48565 (An XML External Entity (XXE) issue was discovered in Python through 3. ...)
-	TODO: check
+	- python3.9 3.9.1~rc1-1
+	- python3.7 <removed>
+	NOTE: https://github.com/python/cpython/issues/86217
+	NOTE: https://github.com/python/cpython/commit/05ee790f4d1cd8725a90b54268fc1dfe5b4d1fa2 (v3.10.0a2)
+	NOTE: https://github.com/python/cpython/commit/479553c7c11306a09ce34edb6ef208133b7b95fe (3.9)
+	NOTE: https://github.com/python/cpython/commit/e512bc799e3864fe3b1351757261762d63471efc (v3.7.10)
 CVE-2022-48564 (read_ints in plistlib.py in Python through 3.9.1 is vulnerable to a po ...)
-	TODO: check
+	- python3.9 3.9.1~rc1-1
+	- python3.7 <removed>
+	NOTE: https://github.com/python/cpython/issues/86269
+	NOTE: https://github.com/python/cpython/commit/34637a0ce21e7261b952fbd9d006474cc29b681f	(v3.10.0a2)
+	NOTE: https://github.com/python/cpython/commit/e277cb76989958fdbc092bf0b2cb55c43e86610a (3.9)
+	NOTE: https://github.com/python/cpython/commit/225e3659556616ad70186e7efc02baeebfeb5ec4 (v3.7.10)
 CVE-2022-48560 (A use-after-free exists in Python through 3.9 via heappushpop in heapq ...)
-	TODO: check
+	- python3.9 <not-affected> (Fixed before initial upload to the archive)
+	- python3.7 <removed>
+	NOTE: https://github.com/python/cpython/issues/83602
+	NOTE: https://github.com/python/cpython/commit/79f89e6e5a659846d1068e8b1bd8e491ccdef861 (v3.9.0a3)
+	NOTE: https://github.com/python/cpython/commit/958064f8d2b84062b0582bbae911df8ccfc11fd6 (v3.7.7rc1)
 CVE-2022-48554 (File before 5.43 has an stack-based buffer over-read in file_copystr i ...)
 	- file 1:5.44-1
 	NOTE: https://bugs.astron.com/view.php?id=310



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f3860d25f93d54d86a85f2590e76a06cf11ea425

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f3860d25f93d54d86a85f2590e76a06cf11ea425
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230823/88ef650c/attachment.htm>